[meta-virtualization] [PATCH 7/7] xen: vTPM and vTPM Manager stubdoms for Xen

Kurt Bodiker kurt.bodiker at braintrust-us.com
Mon Mar 5 07:35:07 PST 2018


From: kebodiker <kurt.bodiker at braintrust-us.com>

The vTPM stubdomain allows a virtual TPM to be created and used to
provide TPM functionality to Xen guest domains. The vTPM Manager
stubdomain seals the secrets of each vTPM to the physical TPM, thereby
extending the chain of trust to the virtual machines in Xen.  More
information on Xen vTPMs can be found at
https://xenbits.xen.org/docs/unstable/man/xen-vtpm.7.html. This xen-vtpm
recipe uses Xen/stubdom source tree to build the Xen vTPM and vTPM
Manager binaries and MiniOS source tree to build the Xen vTPM and vTPM
Manager stubdomains.

Signed-off-by: Kurt Bodiker <kurt.bodiker at braintrust-us.com>
---
 recipes-extended/xen/xen-vtpm.inc    | 97 ++++++++++++++++++++++++++++++++++++
 recipes-extended/xen/xen-vtpm_1.0.bb | 16 ++++++
 2 files changed, 113 insertions(+)
 create mode 100644 recipes-extended/xen/xen-vtpm.inc
 create mode 100644 recipes-extended/xen/xen-vtpm_1.0.bb

diff --git a/recipes-extended/xen/xen-vtpm.inc b/recipes-extended/xen/xen-vtpm.inc
new file mode 100644
index 0000000..4337bb9
--- /dev/null
+++ b/recipes-extended/xen/xen-vtpm.inc
@@ -0,0 +1,97 @@
+# Copyright (C) 2017 Kurt Bodiker <kurt.bodiker at braintrust-us.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+require stubdom.inc
+
+DEPENDS += "\
+    newlib \
+    lwip \
+    polarssl \
+    stubdom-gmp \
+    tpm-emulator \
+"
+
+# redefine everything ??? maybe just need to blank out HOST_CC_ARCH, HOST_LD_ARCH, HOST_AS_ARCH?
+export CC="${HOST_PREFIX}gcc --sysroot=${RECIPE_SYSROOT}"
+export CCLD="${HOST_PREFIX}gcc --sysroot=${RECIPE_SYSROOT}"
+export CXX="${HOST_PREFIX}g++ --sysroot=${RECIPE_SYSROOT}"
+export CPP="${HOST_PREFIX}gcc -E --sysroot=${RECIPE_SYSROOT}"
+export LD="${HOST_PREFIX}ld --sysroot=${RECIPE_SYSROOT}"
+export LD_LTO="${HOST_PREFIX}ld --sysroot=${RECIPE_SYSROOT}"
+export AS="${HOST_PREFIX}as"
+export AR="${HOST_PREFIX}ar"
+export NM="${HOST_PREFIX}nm"
+export RANLIB="${HOST_PREFIX}ranlib"
+export OBJDUMP="${HOST_PREFIX}objdump"
+export OBJCOPY="${HOST_PREFIX}objcopy"
+export STRIP="${HOST_PREFIX}strip"
+export STRINGS="${HOST_PREFIX}strings"
+export READELF="${HOST_PREFIX}readelf"
+
+
+# Required for some of the config stuff ---> still?
+export STUBDOM_TARGETS="vtpm vtpmmgr"
+
+VTPM_CPPFLAGS = "-I${RECIPE_SYSROOT}/cross-root-${XEN_TARGET_ARCH}/${GNU_TARGET_ARCH}-xen-elf/include/tpm-emulator/build"
+VTPM_CPPFLAGS += "-I${RECIPE_SYSROOT}/cross-root-${XEN_TARGET_ARCH}/${GNU_TARGET_ARCH}-xen-elf/include/tpm-emulator/crypto"
+VTPM_CPPFLAGS += "-I${RECIPE_SYSROOT}/cross-root-${XEN_TARGET_ARCH}/${GNU_TARGET_ARCH}-xen-elf/include/tpm-emulator/tpm"
+VTPM_CPPFLAGS += "-I${RECIPE_SYSROOT}/cross-root-${XEN_TARGET_ARCH}/${GNU_TARGET_ARCH}-xen-elf/include/tpm-emulator"
+
+# including from here instead of recipe sysroot prevents us from poisoning our includes.
+STUBDOM_CPPFLAGS += "-isystem ${WORKDIR}/xen/tools/xenstore/include/"
+
+do_configure() {
+
+    # GCC 7 fails linking header defined inlines if not declared 'static' or 'extern'
+    # This was fixed in Xen 4.10.0+, so we need to look at version of Xen source we're using
+    # to determine if we need to modify inline declarations.
+    # 'echo -e' to enable interpretation of backslashes
+    # 'sort -V' to natural sort version numbers
+    # 'head -n1' to capture the first line of output from sort command
+    if [ "${XEN_VERSION}" = `echo -e "${XEN_VERSION}\n4.9.999" | sort -V | head -n1` ]; then
+        sed -i "s/^inline/static inline/g" ${WORKDIR}/xen/stubdom/vtpmmgr/*.h
+    fi
+
+    for i in AR AS NM RANLIB OBJDUMP OBJCOPY STRIP STRINGS READELF CXX LD LD_LTO CC CPP; do
+        sed -i "s/^\($i\s\s*\).*=/\1?=/" ${WORKDIR}/xen/config/StdGNU.mk
+        sed -i "s/^\($i\s\s*\).*=/\1?=/" ${WORKDIR}/mini-os/Config.mk
+    done
+
+    # replicate the TARGETS_MINIOS target in xen/stubdom/Makefile
+    for i in ${STUBDOM_TARGETS}; do
+        [ -d ${WORKDIR}/xen/stubdom/mini-os-${XEN_TARGET_ARCH}-$i ] ||
+        for j in $(cd ${WORKDIR}/mini-os ; find . -type d) ; do \
+                mkdir -p ${WORKDIR}/xen/stubdom/mini-os-${XEN_TARGET_ARCH}-$i/$j; \
+        done    
+    done
+
+    ${MAKE} MINIOS_CONFIG="${WORKDIR}/xen/stubdom/vtpm/minios.cfg" CONFIG_FILE="${WORKDIR}/xen/stubdom/vtpm-minios-config.mk" DESTDIR= -C ${WORKDIR}/mini-os config
+    ${MAKE} MINIOS_CONFIG="${WORKDIR}/xen/stubdom/vtpmmgr/minios.cfg" CONFIG_FILE="${WORKDIR}/xen/stubdom/vtpmmgr-minios-config.mk" DESTDIR= -C ${WORKDIR}/mini-os config
+}
+
+do_compile() {
+
+    
+    CPPFLAGS="`cat ${WORKDIR}/xen/stubdom/vtpm-minios-config.mk` ${STUBDOM_CPPFLAGS} ${VTPM_CPPFLAGS}" CFLAGS="${STUBDOM_CFLAGS}" ${MAKE} -C ${WORKDIR}/xen/stubdom/vtpm
+    DEF_CPPFLAGS="${STUBDOM_CPPFLAGS}" DEF_CFLAGS="${STUBDOM_CFLAGS}" DEF_LDFLAGS="${STUBDOM_LDFLAGS}" MINIOS_CONFIG="${WORKDIR}/xen/stubdom/vtpm/minios.cfg" ${MAKE} -C ${WORKDIR}/mini-os OBJ_DIR=${WORKDIR}/xen/stubdom/mini-os-x86_64-vtpm APP_OBJS="${WORKDIR}/xen/stubdom/vtpm/vtpm.a" APP_LDLIBS="-ltpm -ltpm_crypto -lgmp -lpolarssl"
+
+    CPPFLAGS="`cat ${WORKDIR}/xen/stubdom/vtpmmgr-minios-config.mk` ${STUBDOM_CPPFLAGS}" CFLAGS="${STUBDOM_CFLAGS}" ${MAKE} -C ${WORKDIR}/xen/stubdom/vtpmmgr
+    DEF_CPPFLAGS="${STUBDOM_CPPFLAGS}" DEF_CFLAGS="${STUBDOM_CFLAGS}" DEF_LDFLAGS="${STUBDOM_LDFLAGS}" MINIOS_CONFIG="${WORKDIR}/xen/stubdom/vtpmmgr/minios.cfg" ${MAKE} -C ${WORKDIR}/mini-os OBJ_DIR=${WORKDIR}/xen/stubdom/mini-os-x86_64-vtpmmgr APP_OBJS="${WORKDIR}/xen/stubdom/vtpmmgr/vtpmmgr.a" APP_LDLIBS="-lm -lpolarssl"
+}
+
+PACKAGES = "\
+    ${PN}-vtpm-stubdom \
+    ${PN}-vtpmmgr-stubdom \
+"
+FILES_${PN}-vtpm-stubdom="\
+    ${libdir}/xen/boot/vtpm-stubdom.gz \
+"
+    
+FILES_${PN}-vtpmmgr-stubdom="\
+    ${libdir}/xen/boot/vtpmmgr-stubdom.gz \
+"
+    
+do_install() {
+    install -m 644 -D ${B}/stubdom/mini-os-${XEN_TARGET_ARCH}-vtpm/mini-os.gz ${D}${libdir}/xen/boot/vtpm-stubdom.gz
+    install -m 644 -D ${B}/stubdom/mini-os-${XEN_TARGET_ARCH}-vtpmmgr/mini-os.gz ${D}${libdir}/xen/boot/vtpmmgr-stubdom.gz
+}
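Review bot: The mini-os OBJ_DIR on the two `${MAKE} -C ${WORKDIR}/mini-os` lines in do_compile hard-codes `mini-os-x86_64-vtpm` and `mini-os-x86_64-vtpmmgr`, while do_configure creates the object trees and do_install reads `mini-os.gz` from `mini-os-${XEN_TARGET_ARCH}-…`, so on any other XEN_TARGET_ARCH the build writes into a directory the install step never looks at; use `OBJ_DIR=${WORKDIR}/xen/stubdom/mini-os-${XEN_TARGET_ARCH}-vtpm` and `OBJ_DIR=${WORKDIR}/xen/stubdom/mini-os-${XEN_TARGET_ARCH}-vtpmmgr`. The version test in do_configure depends on `echo -e`, which is not portable across /bin/sh implementations (dash prints the `-e` literally); if that happens the comparison never matches and the `static inline` rewrite for pre-4.10 sources is silently skipped, so prefer `printf '%s\n' "${XEN_VERSION}" 4.9.999 | sort -V | head -n1` and double-quote the command substitution inside `[ ]`. The question-mark comments at the top (`redefine everything ???`, `still?`) read as open questions rather than documentation; either state what the CC/LD exports are for (overriding the StdGNU.mk defaults rewritten to `?=` in do_configure) or drop them before merging.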
diff --git a/recipes-extended/xen/xen-vtpm_1.0.bb b/recipes-extended/xen/xen-vtpm_1.0.bb
new file mode 100644
index 0000000..f5b21b4
--- /dev/null
+++ b/recipes-extended/xen/xen-vtpm_1.0.bb
@@ -0,0 +1,16 @@
+# Copyright (C) 2017 Kurt Bodiker <kurt.bodiker at braintrust-us.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+DESCRIPTION = "MiniOS-based vTPMs for Xen"
+HOMEPAGE = "https://www.xenproject.org"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=bbb4b1bdc2c3b6743da3c39d03249095"
+
+SRC_URI += "\
+    git://xenbits.xen.org/xen.git;protocol=git;rev=RELEASE-${XEN_VERSION};nobranch=1;destsuffix=xen;name=xen \
+"
+
+S="${WORKDIR}/xen"
+B="${S}"
+
+require xen-vtpm.inc
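Review bot: The xen fetch in SRC_URI is pinned to the tag name `RELEASE-${XEN_VERSION}` over the unauthenticated `git://` transport, so the source that becomes the vTPM Manager — the component that seals every vTPM's secrets to the physical TPM — is fixed by a mutable tag and an unverified connection rather than by a commit id. Pin the revision to the full commit hash of the release (`SRCREV = "<commit-of-RELEASE-XEN_VERSION>"` with `rev=` removed from the URL) and fetch over an authenticated transport (`protocol=https`, if xenbits exposes the repository over https at that path), so that a moved tag or altered transport fails the fetch instead of silently changing the trust root. XEN_VERSION is not set anywhere in this hunk; presumably stubdom.inc or a distro config provides it, and a one-line comment here naming where it must be defined would save the next reader a search.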
-- 
2.14.2


-- 


